Applicant : France Telecom Attorney's Docket No.: 18394-009US1 

Serial No. : N/A 

Filed : Herewith 

Page : 4 of 11



AMENDMENTS TO THE CLAIMS: 

This listing of claims replaces all prior versions and listings of claims in the application: 

LISTING OF CLAIMS: 

1. (Currently Amended) A method for checking a digital signature, involving a
microcircuit connectable to a data processing system, the
microcircuit being designed to receive requests to check digital signatures from the data
processing system, and to process these requests, a digital signature being generated using a
private key only known to a signatory entity and associated with a public key,

said method comprising a step of storing a certificates
table containing a digest form of at least one public key in a memory in the microcircuit,
and a phase of checking a digital signature comprising steps consisting of:

[[-]] receiving by the microcircuit a digital signature to be checked
and a public key in a pair of keys comprising a private key that was used to generate the
digital signature to be checked,

[[-]] calculating a digest form of the received public key, and searching
for the calculated digest form of the public key in the certificates table, and

[[-]] decrypting the digital signature using the received public key if the calculated
digest form of the public key is located in the certificates table.

2. (Currently Amended) The method according to claim 1,

further comprising a phase of inserting a public key
into the certificates table, comprising steps consisting of:

[[-]] receiving by the microcircuit a certificate of the public key to
be inserted in the certificates table, and a public key from a certification entity that
generated the certificate, the certificate comprising the public key to be added into the
certificates table and a digital signature of the certification entity, generated using a private key
belonging to a pair of keys including the public key of the certification entity,

[[-]] calculating by the microcircuit a digest form of the public key
received from the certification entity, and searching for the calculated digest form of the
public key in the certificates table,

[[-]] decrypting the digital signature using the public key received from the
certification entity if the calculated digest form of the public key is located in the table,

[[-]] extracting the public key to be inserted from the certificate if the decrypted
digital signature is correct,

[[-]] calculating a digest of the public key extracted from the
certificate, and inserting the calculated digest in the certificates table.

3. (Currently Amended) The method according to claim 2,

wherein the phase of inserting a public key in the certificates
table comprises a step of inserting in the certificates table a pointer to
the digest of the public key of the certification entity that issued the certificate of
the public key to be inserted, so as to define a certification tree in combination with the inserted
digest of the public key.

4. (Currently Amended) The method according to claim 3,
further comprising a phase of deleting a digest
of a public key from the certificates table, comprising steps of
deleting from the certificates table the digest of a public key to be removed,
and deleting from the certificates table all digests of public keys associated with a pointer
indicating the public key to be removed.

5. (Currently Amended) The method according to claim 2,
wherein each public key digest entered into the certificates table
is associated with a validity end date, the phase of inserting a public key
into the certificates table further comprising steps consisting of reading in a
received certificate a validity end date of the public key to be inserted,
and entering the validity end date of the public key to be inserted into the
certificates table, together with the digest of the public key to be inserted, if it is earlier than the
validity end date of the public key of the certification entity read in the certificates table.

6. (Currently Amended) The method according to claim 2,
wherein each digest of a public key entered in the certificates table
is associated with a usage counter that is incremented every time that a digital
signature is checked using the public key, said method comprising deletion
of a public key digest from the certificates table when the usage counter is zero and the number
of empty locations in the certificates table is less than a predetermined threshold.

7. (Currently Amended) The method according to claim 2,
wherein each public key digest entered into the certificates table
is associated with a usage counter that is incremented every time that a digital signature
is checked using the public key, and with a last usage date that is updated every time that
the associated usage counter is incremented, said method further
comprising a step to select a digest of a public key to be deleted as a function of the
corresponding associated values of the usage counter and the last usage date when the number of
empty locations in the certificates table is less than a predetermined threshold.

8. (Currently Amended) The method according to claim 1,
wherein the microcircuit uses a predefined hashing function to
calculate the digest forms of the public keys.

9. (Currently Amended) The method according to claim 1,
further comprising a phase of inserting a root public key
in the certificates table, this insertion phase being done by a write processing
controlled by a MAC calculated using a specific key in the microcircuit and only known to
an entity having issued the microcircuit.

10. (Currently Amended) The method according to claim 1,
wherein the digest of a public key memorized in the certificates table
is obtained by calculating a digest of the public key associated with other information such
as the validity end date of the public key, identity information and serial numbers, this
information being transmitted to the microcircuit every time that the signature is checked
using the public key.

11. (Currently Amended) The method according to claim 1,
wherein the digest of a public key memorized in the certificates table
is obtained by calculating a digest of the certificate received by the microcircuit when
the public key is inserted in the certificates table, this certificate being transmitted to the
microcircuit every time that the signature is checked using the public key.

12. (Currently Amended) The method according to claim 1,
wherein the certificates table is stored in a secure memory
area in the microcircuit.

13. (Currently Amended) A microcircuit designed to receive requests to check
digital signatures from a data processing system, and to process these requests, a digital signature
being generated using a private key only known to a signatory entity and associated with a public
key, said microcircuit comprising:

memory means for storing a certificates table containing a digest form of at least one 
public key, 

means for receiving a digital signature to be checked and a public key in a pair of keys 
comprising a private key that was used to generate the digital signature to be checked, 

means for calculating a digest form of the received public key, and for searching for the 
calculated digest form of the public key in the certificates table, and 

means for decrypting the digital signature using the received public key if the calculated
digest form of the public key is located in the certificates table.

14. (Canceled) 

15. (New) The microcircuit according to claim 13, 
further comprising: 

means for receiving a certificate of the public key to be inserted in the certificates table, 
and a public key from a certification entity that generated the certificate, the certificate 
comprising the public key to be added into the certificates table and a digital signature of the 
certification entity, generated using a private key belonging to a pair of keys including the public
key of the certification entity, 

means for calculating a digest form of the public key received from the certification 
entity, and for searching for the calculated digest form of the public key in the certificates table, 

means for decrypting the digital signature using the public key received from the 
certification entity if the calculated digest form of the public key is located in the table, 

means for extracting the public key to be inserted from the certificate if the decrypted 
digital signature is correct, 

means for calculating a digest of the public key extracted from the certificate, and for 
inserting the calculated digest in the certificates table. 

16. (New) The microcircuit according to claim 15, 

further comprising means for inserting in the certificates table a pointer to the digest of 
the public key of the certification entity that issued the certificate of the public key to be inserted, 
so as to define a certification tree in combination with the inserted digest of the public key. 

17. (New) The microcircuit according to claim 16, 

further comprising means for deleting from the certificates table a digest of a public key 
to be removed, and means for deleting from the certificates table all digests of public keys 
associated with a pointer indicating the public key to be removed. 

18. (New) The microcircuit according to claim 15, 

further comprising: means for reading in a received certificate a validity end date of a 
public key to be inserted, and means for entering the validity end date of the public key to be 
inserted into the certificates table, together with the digest of the public key to be inserted, if the 
validity end date is earlier than the validity end date of the public key of the certification entity 
read in the certificates table. 

19. (New) The microcircuit according to claim 15, 

further comprising means for incrementing a usage counter associated with each public 
key digest entered into the certificates table, every time that a digital signature is checked using 
the public key, and means for deleting a public key digest from the certificates table when the 
associated usage counter is zero and the number of empty locations in the certificates table is less
than a predetermined threshold. 

20. (New) The microcircuit according to claim 19,

further comprising means for updating a last usage date associated with each public key 
digest entered into the certificates table, every time that a digital signature is checked using the 
public key, means for deleting a public key digest from the certificates table when the number of 
empty locations in the certificates table is less than a predetermined threshold, and means for 
selecting a digest of a public key to be deleted as a function of the corresponding associated 
values of the usage counter and the last usage date. 

21. (New) The microcircuit according to claim 13,

further comprising means for executing a predefined hashing function to calculate the 
digest forms of the public keys. 

22. (New) The method according to claim 13,

further comprising means for inserting a root public key in the certificates table, using a 
write processing controlled by a MAC calculated using a specific key in the microcircuit and 
only known to an entity having issued the microcircuit. 

23. (New) The method according to claim 13,

wherein the means for calculating the digest of a public key memorized in the certificates 
table comprise means for calculating a digest of the public key associated with other information 
comprising the validity end date of the public key, identity information and serial numbers, this 
information being transmitted to the microcircuit every time that the signature is checked using 
the public key. 

24. (New) The method according to claim 13,

wherein the means for calculating the digest of a public key memorized in the certificates 
table comprise means for calculating a digest of the certificate received by the microcircuit when 
the public key is inserted in the certificates table, this certificate being transmitted to the 
microcircuit every time that the signature is checked using the public key.

25. (New) The method according to claim 13, wherein the memory means for storing the
certificates table is a secure memory area.
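
A minimal model of the certificates table recited in claims 1 to 5, given as an added example that is not part of the filing or of the applicant's implementation. SHA-256, the toy textbook-RSA helpers, the key values and all function names are assumptions made for illustration; the MAC-controlled root insertion of claim 9 and the usage counters of claims 6 and 7 are left out.

```python
import hashlib

def digest(pub):
    # Digest form of a public key (n, e); SHA-256 is an assumed choice.
    return hashlib.sha256(repr(pub).encode()).hexdigest()

def _h(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def toy_sign(msg, priv):
    # Textbook RSA over a reduced hash: illustration only, not a secure scheme.
    n, d = priv
    return pow(_h(msg, n), d, n)

def toy_verify(msg, sig, pub):
    n, e = pub  # "decrypt" the signature with the public key, compare to hash
    return pow(sig, e, n) == _h(msg, n)

def make_cert(pub, end, issuer_priv):
    return {"pub": pub, "end": end, "sig": toy_sign(repr((pub, end)).encode(), issuer_priv)}

class CertTable:
    def __init__(self, root_pub, root_end):
        # digest -> (issuer digest, validity end date); claim 9's MAC check omitted.
        self.rows = {digest(root_pub): (None, root_end)}

    def check(self, msg, sig, pub):
        # Claim 1: a received key is used only if its digest is already stored.
        return digest(pub) in self.rows and toy_verify(msg, sig, pub)

    def insert(self, cert, issuer_pub):
        # Claims 2, 3, 5: known issuer, valid signature, earlier end date.
        issuer = self.rows.get(digest(issuer_pub))
        body = repr((cert["pub"], cert["end"])).encode()
        if (issuer is None or not toy_verify(body, cert["sig"], issuer_pub)
                or not cert["end"] < issuer[1]):
            return False
        self.rows[digest(cert["pub"])] = (digest(issuer_pub), cert["end"])
        return True

    def delete(self, key_digest):
        # Claim 4, made recursive here (assumption) so no orphaned subtree stays.
        self.rows.pop(key_digest, None)
        for child in [d for d, r in self.rows.items() if r[0] == key_digest]:
            self.delete(child)

ROOT_PUB, ROOT_PRIV = (3233, 17), (3233, 2753)  # constructed toy RSA keys
B_PUB, B_PRIV = (8633, 5), (8633, 5069)
C_PUB, C_PRIV = (11413, 3), (11413, 7467)
```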



